Scallop has been battle-tested since launch. Since Defi lending emerged, some major hacks has happened. These events have led to countless learnings which have culminated in the improvements of Scallop. Scallop aims to reduce risk and improve decentralization, and will keep a steady style for innovation and asset safety management.
Note that this document is a work in progress, and features may be added or modified as conditions changed.
One issue faced by borrowers is that collateral withdrawals aren’t always available (when utilization is at 100%). Think of a bank, people would always expect to get their collateral back, when the debt is repaid. The Protected Collateral feature provides this functionality.
For example, users can borrow USDC with SUI. The SUI can be withdrawn at any time if USDC is repaid. While other protocols have no guarantee for this.
the Mango exploit and the Solend USDH exploit in late 2022, Prices are manipulatable enough to make for a profitable attack.
Bunny price attack uses on-chain oracle, which leads to 95% price crash.
Scallop uses multi-oracle strategy and off-chain oracles to prevent the manipulation of oracle price.
In scallop, when a user wants to borrow an asset, the program gets that prices from multiple oracles, such as Pyth, Supra, Switchboard, etc. In code it checks that these prices are not too far away from each other.
Let x = pythPrice
let y = switchboardPrice
let z = supraPrice
if (|x - y| / x <= 1% && (x - z) / z <= 1%) pass;
else reject;
And, Scallop never use on-chain dex prices to feed the price, this will avoid the flashloan price manipuation.
Assets have varying levels of risk, which accounts for using LTVs. However, this only captures the risk of using an asset as collateral, not the risk of borrowing an asset.
For example, consider three assets:
With 100 USDC as collateral, the same amount of USDT or SUI can be borrowed despite their difference in risk.